English
Powered By GitBook
Guide: How to build a Cardano Stake Pool
On Ubuntu/Debian, this guide will illustrate how to install and configure a Cardano stake pool from source code on a two node setup with 1 block producer node and 1 relay node.

โ€‹
๐ŸŽ‰
โˆž Pre-Announcements

If you want to support this free educational Cardano content or found this helpful, visit cointr.ee to find our donation addresses. Much appreciated in advance.
๐Ÿ™
As of October 12 2021, this is guide version 4.1.1 and written for cardano mainnet with release v.1.30.1
๐Ÿ˜

โ€‹
๐Ÿ“„
Changelog - Update Notes - October 12 2021

โ€‹
๐Ÿ
0. Prerequisites

โ€‹
๐Ÿง™โ™‚
Mandatory skills for stake pool operators

As a stake pool operator for Cardano, you will be competent with the following abilities:
    operational knowledge of how to set up, run and maintain a Cardano node continuously
    a commitment to maintain your node 24/7/365
    system operation skills
    server administration skills (operational and maintenance).

โ€‹
๐Ÿง™
Mandatory experience for stake pool operators

โ€‹
๐Ÿ›‘
Before continuing this guide, you must satisfy the above requirements.
๐Ÿšง

โ€‹
๐ŸŽ—
Minimum Stake Pool Hardware Requirements

    Two separate servers: 1 for block producer node, 1 for relay node
    One air-gapped offline machine (cold environment)
    Operating system: 64-bit Linux (i.e. Ubuntu Server 20.04 LTS)
    Processor: An Intel or AMD x86 processor with two or more cores, at 2GHz or faster
    Memory: 12GB of RAM
    Storage: 50GB of free storage
    Internet: Broadband internet connection with speeds at least 10 Mbps.
    Data Plan: at least 1GB per hour. 720GB per month.
    Power: Reliable electrical power
    ADA balance: at least 505 ADA for pool deposit and transaction fees
    Three separate servers: 1 for block producer node, 2 for relay nodes
    One air-gapped offline machine (cold environment)
    Operating system: 64-bit Linux (i.e. Ubuntu 20.04 LTS)
    Processor: 4 core or higher CPU
    Memory: 16GB+ of RAM
    Storage: 256GB+ SSD
    Internet: Broadband internet connections with speeds at least 100 Mbps
    Data Plan: Unlimited
    Power: Reliable electrical power with UPS
    ADA balance: more pledge is better, to be determined by a0, the pledge influence factor
If you need ideas on how to harden your stake pool's nodes, refer to

โ€‹
๐Ÿ› 
Setup Ubuntu

If you need to install Ubuntu Server, refer to
Install Ubuntu Server | Ubuntu
Ubuntu
For instructions on installing Ubuntu Desktop, refer to the following:

โ€‹
๐Ÿงฑ
Rebuilding Nodes

If you are rebuilding or reusing an existing cardano-node installation, refer to section 18.2 on how to reset the installation.โ€‹

โ€‹
๐Ÿญ
1. Install Cabal and GHC

If using Ubuntu Desktop, press Ctrl+Alt+T. This will launch a terminal window.
First, update packages and install Ubuntu dependencies.
1
sudo apt-get update -y
Copied!
1
sudo apt-get upgrade -y
Copied!
1
sudo apt-get install git jq bc make automake rsync htop curl build-essential pkg-config libffi-dev libgmp-dev libssl-dev libtinfo-dev libsystemd-dev zlib1g-dev make g++ wget libncursesw5 libtool autoconf -y
Copied!
Install Libsodium.
1
mkdir $HOME/git
2
cd $HOME/git
3
git clone https://github.com/input-output-hk/libsodium
4
cd libsodium
5
git checkout 66f017f1
6
./autogen.sh
7
./configure
8
make
9
sudo make install
Copied!
Debian OS pool operators: extra lib linking may be required.
1
sudo ln -s /usr/local/lib/libsodium.so.23.3.0 /usr/lib/libsodium.so.23
Copied!
AWS Linux CentOS pool operators: clearing the lib cache may be required.
1
sudo ldconfig
Copied!
Raspberry Pi 4 with Ubuntu pool operators : extra lib linking may be required.
1
sudo apt-get install libnuma-dev
Copied!
This will help to solve "cannot find -lnuma" error when compiling.
Install Cabal and dependencies.
1
sudo apt-get -y install pkg-config libgmp-dev libssl-dev libtinfo-dev libsystemd-dev zlib1g-dev build-essential curl libgmp-dev libffi-dev libncurses-dev libtinfo5
Copied!
1
curl --proto '=https' --tlsv1.2 -sSf https://get-ghcup.haskell.org | sh
Copied!
Answer NO to installing haskell-language-server (HLS).
Answer YES to automatically add the required PATH variable to ".bashrc".
1
cd $HOME
2
source .bashrc
3
ghcup upgrade
4
ghcup install cabal 3.4.0.0
5
ghcup set cabal 3.4.0.0
Copied!
Install GHC.
1
ghcup install ghc 8.10.4
2
ghcup set ghc 8.10.4
Copied!
Update PATH to include Cabal and GHC and add exports. Your node's location will be in $NODE_HOME. The cluster configuration is set by $NODE_CONFIG.
1
echo PATH="$HOME/.local/bin:$PATH" >> $HOME/.bashrc
2
echo export LD_LIBRARY_PATH="/usr/local/lib:$LD_LIBRARY_PATH" >> $HOME/.bashrc
3
echo export NODE_HOME=$HOME/cardano-my-node >> $HOME/.bashrc
4
echo export NODE_CONFIG=mainnet>> $HOME/.bashrc
5
source $HOME/.bashrc
Copied!
โ€‹
๐Ÿ’ก
How to use this Guide on TestNet
Run the following commands to set your NODE_CONFIG to testnet rather than mainnet.
1
echo export NODE_CONFIG=testnet>> $HOME/.bashrc
2
source $HOME/.bashrc
Copied!
As you work through this guide, replace every instance of CLI parameter
1
--mainnet
Copied!
with
1
--testnet-magic 1097911063
Copied!
Update cabal and verify the correct versions were installed successfully.
1
cabal update
2
cabal --version
3
ghc --version
Copied!
Cabal library should be version 3.4.0.0 and GHC should be version 8.10.4

โ€‹
๐Ÿ—
2. Build the node from source code

Download source code and switch to the latest tag.
1
cd $HOME/git
2
git clone https://github.com/input-output-hk/cardano-node.git
3
cd cardano-node
4
git fetch --all --recurse-submodules --tags
5
git checkout $(curl -s https://api.github.com/repos/input-output-hk/cardano-node/releases/latest | jq -r .tag_name)
Copied!
Configure build options.
1
cabal configure -O0 -w ghc-8.10.4
Copied!
Update the cabal config, project settings, and reset build folder.
1
echo -e "package cardano-crypto-praos\n flags: -external-libsodium-vrf" > cabal.project.local
2
sed -i $HOME/.cabal/config -e "s/overwrite-policy:/overwrite-policy: always/g"
3
rm -rf $HOME/git/cardano-node/dist-newstyle/build/x86_64-linux/ghc-8.10.4
Copied!
Build the cardano-node from source code.
1
cabal build cardano-cli cardano-node
Copied!
Building process may take a few minutes up to a few hours depending on your computer's processing power.
Copy cardano-cli and cardano-node files into bin directory.
1
sudo cp $(find $HOME/git/cardano-node/dist-newstyle/build -type f -name "cardano-cli") /usr/local/bin/cardano-cli
Copied!
1
sudo cp $(find $HOME/git/cardano-node/dist-newstyle/build -type f -name "cardano-node") /usr/local/bin/cardano-node
Copied!
Verify your cardano-cli and cardano-node are the expected versions.
1
cardano-node version
2
cardano-cli version
Copied!

โ€‹
๐Ÿ“
3. Configure the nodes

Here you'll grab the config.json, genesis.json, and topology.json files needed to configure your node.
1
mkdir $NODE_HOME
2
cd $NODE_HOME
3
wget -N https://hydra.iohk.io/job/Cardano/cardano-node/cardano-deployment/latest-finished/download/1/${NODE_CONFIG}-config.json
4
wget -N https://hydra.iohk.io/job/Cardano/cardano-node/cardano-deployment/latest-finished/download/1/${NODE_CONFIG}-byron-genesis.json
5
wget -N https://hydra.iohk.io/job/Cardano/cardano-node/cardano-deployment/latest-finished/download/1/${NODE_CONFIG}-shelley-genesis.json
6
wget -N https://hydra.iohk.io/job/Cardano/cardano-node/cardano-deployment/latest-finished/download/1/${NODE_CONFIG}-alonzo-genesis.json
7
wget -N https://hydra.iohk.io/job/Cardano/cardano-node/cardano-deployment/latest-finished/download/1/${NODE_CONFIG}-topology.json
Copied!
Run the following to modify mainnet-config.json and
    update TraceBlockFetchDecisions to "true"
1
sed -i ${NODE_CONFIG}-config.json \
2
-e "s/TraceBlockFetchDecisions\": false/TraceBlockFetchDecisions\": true/g"
Copied!
โ€‹
โœจ
Tip for relay and block producer nodes: It's possible to reduce the number of missed slot leader checks, memory and cpu usage by setting "TraceMempool" to "false" in mainnet-config.json
Update .bashrc shell variables.
1
echo export CARDANO_NODE_SOCKET_PATH="$NODE_HOME/db/socket" >> $HOME/.bashrc
2
source $HOME/.bashrc
Copied!

โ€‹
๐Ÿ”ฎ
4. Configure the block-producer node

A block producer node will be configured with various key-pairs needed for block generation (cold keys, KES hot keys and VRF hot keys). It can only connect to its relay nodes.
A relay node will not be in possession of any keys and will therefore be unable to produce blocks. It will be connected to its block-producing node, other relays and external nodes.
For the purposes of this guide, we will be building two nodes on two separate servers. One node will be designated the block producer node, and the other will be the relay node, named relaynode1.
Configure topology.json file so that
    relay node(s) connect to public relay nodes (like IOHK and buddy relay nodes) and your block-producer node
    block-producer node only connects to your relay node(s)
On your block-producer node, run the following. Update the addr with your relay node's public IP address.
block producer node
1
cat > $NODE_HOME/${NODE_CONFIG}-topology.json << EOF
2
{
3
"Producers": [
4
{
5
"addr": "<RELAYNODE1'S PUBLIC IP ADDRESS>",
6
"port": 6000,
7
"valency": 1
8
}
9
]
10
}
11
EOF
Copied!

โ€‹
๐Ÿ›ธ
5. Configure the relay node(s)

โ€‹
๐Ÿšง
On your other server that will be designed as your relay node or what we will call relaynode1 throughout this guide, carefully repeat steps 1 through 3 in order to build the cardano binaries.
You can have multiple relay nodes as you scale up your stake pool architecture. Simply create relaynodeN and adapt the guide instructions accordingly.
On your relaynode1, run with the following after updating with your block producer's public IP address.
relaynode1
1
cat > $NODE_HOME/${NODE_CONFIG}-topology.json << EOF
2
{
3
"Producers": [
4
{
5
"addr": "<BLOCK PRODUCER NODE'S PUBLIC IP ADDRESS>",
6
"port": 6000,
7
"valency": 1
8
},
9
{
10
"addr": "relays-new.cardano-mainnet.iohk.io",
11
"port": 3001,
12
"valency": 2
13
}
14
]
15
}
16
EOF
Copied!
Valency tells the node how many connections to keep open. Only DNS addresses are affected. If value is 0, the address is ignored.
โ€‹
โœจ
Port Forwarding Tip: You'll need to forward and open ports 6000 to your nodes. Check with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .

โ€‹
๐Ÿ”
6. Configure the air-gapped offline machine

An air-gapped offline machine is called your cold environment.
    Protects against key-logging attacks, malware/virus based attacks and other firewall or security exploits.
    Physically isolated from the rest of your network.
    Must not have a network connection, wired or wireless.
    Is not a VM on a machine with a network connection.
    Learn more about air-gapping at wikipedia.
A note about hardware requirements for an air-gapped offline machine.
    Can be as basic as a Raspberry Pi or an upcycled older laptop/desktop.
    Uses an usb port to transport files back and forth.
air-gapped offline machine
1
echo export NODE_HOME=$HOME/cardano-my-node >> $HOME/.bashrc
2
source $HOME/.bashrc
3
mkdir -p $NODE_HOME
Copied!
Copy from your hot environment, also known as your block producer node, a copy of the cardano-cli binaries to your cold environment, this air-gapped offline machine.
In order to remain a true air-gapped environment, you must move files physically between your cold and hot environments with USB keys or other removable media.

โ€‹
๐Ÿค–
7. Create startup scripts

The startup script contains all the variables needed to run a cardano-node such as directory, port, db path, config file, and topology file.
block producer node
relaynode1
1
cat > $NODE_HOME/startBlockProducingNode.sh << EOF
2
#!/bin/bash
3
DIRECTORY=$NODE_HOME
4
PORT=6000
5
HOSTADDR=0.0.0.0
6
TOPOLOGY=\${DIRECTORY}/${NODE_CONFIG}-topology.json
7
DB_PATH=\${DIRECTORY}/db
8
SOCKET_PATH=\${DIRECTORY}/db/socket
9
CONFIG=\${DIRECTORY}/${NODE_CONFIG}-config.json
10
/usr/local/bin/cardano-node run +RTS -N -A16m -qg -qb -RTS --topology \${TOPOLOGY} --database-path \${DB_PATH} --socket-path \${SOCKET_PATH} --host-addr \${HOSTADDR} --port \${PORT} --config \${CONFIG}
11
EOF
Copied!
1
cat > $NODE_HOME/startRelayNode1.sh << EOF
2
#!/bin/bash
3
DIRECTORY=$NODE_HOME
4
PORT=6000
5
HOSTADDR=0.0.0.0
6
TOPOLOGY=\${DIRECTORY}/${NODE_CONFIG}-topology.json
7
DB_PATH=\${DIRECTORY}/db
8
SOCKET_PATH=\${DIRECTORY}/db/socket
9
CONFIG=\${DIRECTORY}/${NODE_CONFIG}-config.json
10
/usr/local/bin/cardano-node run +RTS -N -A16m -qg -qb -RTS --topology \${TOPOLOGY} --database-path \${DB_PATH} --socket-path \${SOCKET_PATH} --host-addr \${HOSTADDR} --port \${PORT} --config \${CONFIG}
11
EOF
Copied!
Add execute permissions to the startup script.
block producer node
relaynode1
1
chmod +x $NODE_HOME/startBlockProducingNode.sh
Copied!
1
chmod +x $NODE_HOME/startRelayNode1.sh
Copied!
Run the following to create a systemd unit file to define yourcardano-node.service configuration.

โ€‹
๐Ÿฐ
Benefits of using systemd for your stake pool

    1.
    Auto-start your stake pool when the computer reboots due to maintenance, power outage, etc.
    2.
    Automatically restart crashed stake pool processes.
    3.
    Maximize your stake pool up-time and performance.
block producer node
relaynode1
1
cat > $NODE_HOME/cardano-node.service << EOF
2
# The Cardano node service (part of systemd)
3
# file: /etc/systemd/system/cardano-node.service
4
โ€‹
5
[Unit]
6
Description = Cardano node service
7
Wants = network-online.target
8
After = network-online.target
9
โ€‹
10
[Service]
11
User = ${USER}
12
Type = simple
13
WorkingDirectory= ${NODE_HOME}
14
ExecStart = /bin/bash -c '${NODE_HOME}/startBlockProducingNode.sh'
15
KillSignal=SIGINT
16
RestartKillSignal=SIGINT
17
TimeoutStopSec=300
18
LimitNOFILE=32768
19
Restart=always
20
RestartSec=5
21
SyslogIdentifier=cardano-node
22
โ€‹
23
[Install]
24
WantedBy = multi-user.target
25
EOF
Copied!
1
cat > $NODE_HOME/cardano-node.service << EOF
2
# The Cardano node service (part of systemd)
3
# file: /etc/systemd/system/cardano-node.service
4
โ€‹
5
[Unit]
6
Description = Cardano node service
7
Wants = network-online.target
8
After = network-online.target
9
โ€‹
10
[Service]
11
User = ${USER}
12
Type = simple
13
WorkingDirectory= ${NODE_HOME}
14
ExecStart = /bin/bash -c '${NODE_HOME}/startRelayNode1.sh'
15
KillSignal=SIGINT
16
RestartKillSignal=SIGINT
17
TimeoutStopSec=300
18
LimitNOFILE=32768
19
Restart=always
20
RestartSec=5
21
SyslogIdentifier=cardano-node
22
โ€‹
23
[Install]
24
WantedBy = multi-user.target
25
EOF
Copied!
Move the unit file to /etc/systemd/system and give it permissions.
1
sudo mv $NODE_HOME/cardano-node.service /etc/systemd/system/cardano-node.service
Copied!
1
sudo chmod 644 /etc/systemd/system/cardano-node.service
Copied!
Run the following to enable auto-starting of your stake pool at boot time.
1
sudo systemctl daemon-reload
2
sudo systemctl enable cardano-node
Copied!
Your stake pool is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.

โ€‹
๐Ÿ”Ž
View the status of the node service

1
sudo systemctl status cardano-node
Copied!

โ€‹
๐Ÿ”„
Restarting the node service

1
sudo systemctl reload-or-restart cardano-node
Copied!

โ€‹
๐Ÿ›‘
Stopping the node service

1
sudo systemctl stop cardano-node
Copied!

๐Ÿ—„ Viewing and filter logs

1
journalctl --unit=cardano-node --follow
Copied!
1
journalctl --unit=cardano-node --since=yesterday
Copied!
1
journalctl --unit=cardano-node --since=today
Copied!
1
journalctl --unit=cardano-node --since='2020-07-29 00:00:00' --until='2020-07-29 12:00:00'
Copied!

โ€‹
โœ…
8. Start the nodes

Start your stake pool with systemctl and begin syncing the blockchain!
block producer node
relaynode1
1
sudo systemctl start cardano-node
Copied!
1
sudo systemctl start cardano-node
Copied!
Install gLiveView, a monitoring tool.
gLiveView displays crucial node status information and works well with systemd services. Credits to the Guild Operators for creating this tool.
1
cd $NODE_HOME
2
sudo apt install bc tcptraceroute -y
3
curl -s -o gLiveView.sh https://raw.githubusercontent.com/cardano-community/guild-operators/master/scripts/cnode-helper-scripts/gLiveView.sh
4
curl -s -o env https://raw.githubusercontent.com/cardano-community/guild-operators/master/scripts/cnode-helper-scripts/env
5
chmod 755 gLiveView.sh
Copied!
Run the following to modify env with the updated file locations.
1
sed -i env \
2
-e "s/\#CONFIG=\"\${CNODE_HOME}\/files\/config.json\"/CONFIG=\"\${NODE_HOME}\/mainnet-config.json\"/g" \
3
-e "s/\#SOCKET=\"\${CNODE_HOME}\/sockets\/node0.socket\"/SOCKET=\"\${NODE_HOME}\/db\/socket\"/g"
Copied!
A node must reach epoch 208 (Shelley launch) before gLiveView.sh can start tracking the node syncing. You can track the node syncing using journalctl before epoch 208.
1
journalctl --unit=cardano-node --follow
Copied!
Run gLiveView to monitor the progress of the sync'ing of the blockchain.
1
./gLiveView.sh
Copied!
Sample output of gLiveView.
For more information, refer to the official Guild Live View docs.โ€‹
โ€‹
โœจ
Pro tip: If you synchronize a node's database, you can copy the database directory over to your other node directly and save time.
Congratulations! Your node is running successfully now. Let it sync up.

โ€‹
โš™
9. Generate block-producer keys

The block-producer node requires you to create 3 keys as defined in the Shelley ledger specs:
    stake pool cold key (node.cert)
    stake pool hot key (kes.skey)
    stake pool VRF key (vrf.skey)
First, make a KES key pair.
block producer node
1
cd $NODE_HOME
2
cardano-cli node key-gen-KES \
3
--verification-key-file kes.vkey \
4
--signing-key-file kes.skey
Copied!
KES (key evolving signature) keys are created to secure your stake pool against hackers who might compromise your keys.
On mainnet, you will need to regenerate the KES key every 90 days.
โ€‹
๐Ÿ”ฅ
Cold keys must be generated and stored on your air-gapped offline machine. The cold keys are the files stored in $HOME/cold-keys.
Make a directory to store your cold keys
Air-gapped offline machine
1
mkdir $HOME/cold-keys
2
pushd $HOME/cold-keys
Copied!
Make a set of cold keys and create the cold counter file.
air-gapped offline machine
1
cardano-cli node key-gen \
2
--cold-verification-key-file node.vkey \
3
--cold-signing-key-file $HOME/cold-keys/node.skey \
4
--operational-certificate-issue-counter node.counter
Copied!
Be sure to back up your all your keys to another secure storage device. Make multiple copies.
Determine the number of slots per KES period from the genesis file.
block producer node
1
pushd +1
2
slotsPerKESPeriod=$(cat $NODE_HOME/${NODE_CONFIG}-shelley-genesis.json | jq -r '.slotsPerKESPeriod')
3
echo slotsPerKESPeriod: ${slotsPerKESPeriod}
Copied!
Before continuing, your node must be fully synchronized to the blockchain. Otherwise, you won't calculate the latest KES period. Your node is synchronized when the epoch and slot# is equal to that found on a block explorer such as https://pooltool.io/โ€‹
block producer node
1
slotNo=$(cardano-cli query tip --mainnet | jq -r '.slot')
2
echo slotNo: ${slotNo}
Copied!
Find the kesPeriod by dividing the slot tip number by the slotsPerKESPeriod.
block producer node
1
kesPeriod=$((${slotNo} / ${slotsPerKESPeriod}))
2
echo kesPeriod: ${kesPeriod}
3
startKesPeriod=${kesPeriod}
4
echo startKesPeriod: ${startKesPeriod}
Copied!
With this calculation, you can generate a operational certificate for your pool.
Copy kes.vkey to your cold environment.
Change the <startKesPeriod> value accordingly.
Stake pool operators must provide an operational certificate to verify that the pool has the authority to run. The certificate includes the operatorโ€™s signature, and includes key information about the pool (addresses, keys, etc.). Operational certificates represent the link between the operatorโ€™s offline key and their operational key.
air-gapped offline machine
1
cardano-cli node issue-op-cert \
2
--kes-verification-key-file kes.vkey \
3
--cold-signing-key-file $HOME/cold-keys/node.skey \
4
--operational-certificate-issue-counter $HOME/cold-keys/node.counter \
5
--kes-period <startKesPeriod> \
6
--out-file node.cert
Copied!
Copy node.cert to your hot environment.
Make a VRF key pair.
block producer node
1
cardano-cli node key-gen-VRF \
2
--verification-key-file vrf.vkey \
3
--signing-key-file vrf.skey
Copied!
Update vrf key permissions to read-only. You must also copy vrf.vkey to your cold environment.
1
chmod 400 vrf.skey
Copied!
Stop your stake pool by running the following:
block producer node
1
sudo systemctl stop cardano-node
Copied!
Update your startup script with the new KES, VRF and Operation Certificate.
block producer node
1
cat > $NODE_HOME/startBlockProducingNode.sh << EOF
2
DIRECTORY=$NODE_HOME
3
PORT=6000
4
HOSTADDR=0.0.0.0
5
TOPOLOGY=\${DIRECTORY}/${NODE_CONFIG}-topology.json
6
DB_PATH=\${DIRECTORY}/db
7
SOCKET_PATH=\${DIRECTORY}/db/socket
8
CONFIG=\${DIRECTORY}/${NODE_CONFIG}-config.json
9
KES=\${DIRECTORY}/kes.skey
10
VRF=\${DIRECTORY}/vrf.skey
11
CERT=\${DIRECTORY}/node.cert
12
cardano-node run --topology \${TOPOLOGY} --database-path \${DB_PATH} --socket-path \${SOCKET_PATH} --host-addr \${HOSTADDR} --port \${PORT} --config \${CONFIG} --shelley-kes-key \${KES} --shelley-vrf-key \${VRF} --shelley-operational-certificate \${CERT}
13
EOF
Copied!
To operate a stake pool, you need the KES, VRF key and Operational Certificate. Cold keys generate new operational certificates periodically.
Now start your block producer node.
block producer node
1
sudo systemctl start cardano-node
2
โ€‹
3
# Monitor with gLiveView
4
./gLiveView.sh
Copied!

โ€‹
๐Ÿ”
10. Setup payment and stake keys

First, obtain the protocol-parameters.
Wait for the block-producing node to start syncing before continuing if you get this error message.
cardano-cli: Network.Socket.connect: : does not exist (No such file or directory)
block producer node
1
cardano-cli query protocol-parameters \
2
--mainnet \
3
--out-file params.json
Copied!
Payment keys are used to send and receive payments and stake keys are used to manage stake delegations.
There are two ways to create your payment and stake key pair. Pick the one that best suits your needs.
โ€‹
๐Ÿ”ฅ
Critical Operational Security Advice: payment and stake keys must be generated and used to build transactions in an cold environment. In other words, your air-gapped offline machine. Copy cardano-cli binary over to your offline machine and run the CLI method or mnemonic method. The only steps performed online in a hot environment are those steps that require live data. Namely the follow type of steps:
    querying the current slot tip
    querying the balance of an address
    submitting a transaction
CLI Method
Mnemonic Method
Create a new payment key pair: payment.skey & payment.vkey
1
###
2
### On air-gapped offline machine,
3
###
4
cd $NODE_HOME
5
cardano-cli address key-gen \
6
--verification-key-file payment.vkey \
7
--signing-key-file payment.skey
Copied!
Create a new stake address key pair: stake.skey & stake.vkey
1
###
2
### On air-gapped offline machine,
3
###
4
cardano-cli stake-address key-gen \
5
--verification-key-file stake.vkey \
6
--signing-key-file stake.skey
Copied!
Create your stake address from the stake address verification key and store it in stake.addr
1
###
2
### On air-gapped offline machine,
3
###
4
cardano-cli stake-address build \
5
--stake-verification-key-file stake.vkey \
6
--out-file stake.addr \
7
--mainnet
Copied!
Build a payment address for the payment key payment.vkey which will delegate to the stake address, stake.vkey
1
###
2
### On air-gapped offline machine,
3
###
4
cardano-cli address build \
5
--payment-verification-key-file payment.vkey \
6
--stake-verification-key-file stake.vkey \
7
--out-file payment.addr \
8
--mainnet
Copied!
Credits to ilap for creating this process.
Benefits: Track and control pool rewards from any wallet (Daedalus, Yoroi or any other wallet) that support stakings.
Create a 15-word or 24-word length shelley compatible mnemonic with Daedalus or Yoroi on a offline machine preferred.
Using your online block producer node, download cardano-wallet
1
###
2
### On block producer node,
3
###
4
cd $NODE_HOME
5
wget https://hydra.iohk.io/build/3662127/download/1/cardano-wallet-shelley-2020.7.28-linux64.tar.gz
Copied!
Verify the legitimacy of cardano-wallet by checking the sha256 hash found in the Details button.โ€‹
1
echo "f75e5b2b4cc5f373d6b1c1235818bcab696d86232cb2c5905b2d91b4805bae84 *cardano-wallet-shelley-2020.7.28-linux64.tar.gz" | shasum -a 256 --check
Copied!
Example valid output:
cardano-wallet-shelley-2020.7.28-linux64.tar.gz: OK
Only proceed if the sha256 check passes with OK!
Transfer the cardano-wallet to your air-gapped offline machine via USB key or other removable media.
Extract the wallet files and cleanup.
1
###
2
### On air-gapped offline machine,
3
###
4
tar -xvf cardano-wallet-shelley-2020.7.28-linux64.tar.gz
5
rm cardano-wallet-shelley-2020.7.28-linux64.tar.gz
Copied!
CreateextractPoolStakingKeys.sh script.
1
###
2
### On air-gapped offline machine,
3
###
4
cat > extractPoolStakingKeys.sh << HERE
5
#!/bin/bash
6
โ€‹
7
CADDR=\${CADDR:=\$( which cardano-address )}
8
[[ -z "\$CADDR" ]] && ( echo "cardano-address cannot be found, exiting..." >&2 ; exit 127 )
9
โ€‹
10
CCLI=\${CCLI:=\$( which cardano-cli )}
11
[[ -z "\$CCLI" ]] && ( echo "cardano-cli cannot be found, exiting..." >&2 ; exit 127 )
12
โ€‹
13
OUT_DIR="\$1"
14
[[ -e "\$OUT_DIR" ]] && {
15
echo "The \"\$OUT_DIR\" is already exist delete and run again." >&2
16
exit 127
17
} || mkdir -p "\$OUT_DIR" && pushd "\$OUT_DIR" >/dev/null
18
โ€‹
19
shift
20
MNEMONIC="\$*"
21
โ€‹
22
# Generate the master key from mnemonics and derive the stake account keys
23
# as extended private and public keys (xpub, xprv)
24
echo "\$MNEMONIC" |\
25
"\$CADDR" key from-recovery-phrase Shelley > root.prv
26
โ€‹
27
cat root.prv |\
28
"\$CADDR" key child 1852H/1815H/0H/2/0 > stake.xprv
29
โ€‹